Best Practices for Naming an Active Directory Domain


When you’re naming a domain, you should plan it as carefully as you would plan the name of your first child – of course I’m exaggerating – but it’s worth planning carefully. For those of you who fail to heed this advice, we’ve written a tutorial on how to rename a domain. 🙂

Popular Domain Naming Mistakes

Before we discuss current best practices, there are a couple of popular practices that are no longer recommended.

The first is using a generic top-level domain. Generic TLDs like .local, .lan, .corp, etc., are now being sold by ICANN, so the domain you’re using internally today – company.local – could potentially become another company’s property tomorrow. If you’re still not convinced, here are some more reasons why you shouldn’t use .local in your Active Directory domain name.

Secondly, if you use an external public domain name like company.com, you should avoid using that same name as your internal Active Directory domain name, because you’ll end up with split DNS. Split DNS is when two separate sets of DNS servers each manage a copy of the exact same forward lookup zone, which increases the administrative burden.

Better Naming Options

For the time being, until things change, as they inevitably do, here are two domain naming options for you.

The first one is to use an inactive subdomain of a domain that you use publicly, for instance ad.company.com or internal.company.com. The advantages of this approach, which is the preferred one, include:

  • Only one domain name needs to be registered – even if you later decide to make part of your internal name publicly accessible
  • Enables you to simply and separately manage internal and external domains
  • All internal domain names will be globally unique

The only microscopic drawback is that you’ll have more to type when entering FQDNs on your internal network, so make your subdomain name as short as possible!

However, if it is not feasible for you to configure your internal domain as a subdomain, you can use another domain that you own and that isn’t used elsewhere. For instance, if your public web presence is company.com, your internal domain can be named company.net, but only if you have registered it and it’s not used anywhere else. The main advantage is that you’ve secured a unique internal domain name. The disadvantage is that this approach requires you to manage two separate names.

And once you’ve mulled over names, you’ll want to visit this site to check the allowed characters, so you don’t let a tiny colon (:) or tilde (~) ruin your day.
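To make the guidance above concrete, here is a small checker (an added example, not code from the original post) that scores a proposed internal AD name against the rules discussed: it rejects unregistrable TLDs such as .local, flags an internal name identical to a public zone as split DNS, ranks a subdomain of an owned public domain as the preferred option and a separately registered domain as acceptable, and refuses names with characters outside plain DNS labels. The list of unregistrable TLDs and the length thresholds are assumptions made for the example, not rules from the page.

```python
"""Check a proposed Active Directory domain name against naming guidance.

Added example, not part of the original post. Assumptions (not from the
page): the unregistrable-TLD set below is the page's examples plus common
private-use and RFC 2606 / RFC 6761 special-use names; character rules are
plain DNS host-name labels (letters, digits, hyphen; 63 chars per label).
"""

import re

# Constructed list: the article's examples (.local, .lan, .corp) plus names
# that are reserved for special use and can never be publicly registered.
UNREGISTRABLE_TLDS = {"local", "lan", "corp", "home", "internal", "intranet",
                      "private", "localhost", "test", "example", "invalid"}

# A valid DNS label: alphanumeric start/end, hyphens inside, 1-63 chars.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def check_ad_domain_name(internal, public_domains, owned_domains):
    """Return (verdict, findings) for a candidate internal AD FQDN.

    internal       -- candidate name, e.g. "ad.company.com"
    public_domains -- names already serving public DNS, e.g. {"company.com"}
    owned_domains  -- every registered name the organisation controls
    verdict is "preferred", "acceptable" or "reject"; findings explain why.
    """
    name = internal.strip().rstrip(".").lower()
    labels = name.split(".")
    findings = []

    # Character and length rules; this is what keeps a stray colon or tilde
    # from slipping into the name.
    if len(name) > 255 or any(not LABEL_RE.match(lbl) for lbl in labels):
        findings.append("invalid characters or label length in %r" % name)
    if len(labels) < 2:
        findings.append("single-label names are not suitable for AD")
        return "reject", findings

    tld = labels[-1]
    if tld in UNREGISTRABLE_TLDS:
        findings.append("TLD .%s is not registrable; use a name you own" % tld)

    owned = {d.strip().rstrip(".").lower() for d in owned_domains}
    public = {d.strip().rstrip(".").lower() for d in public_domains}

    # Internal zone identical to a public zone: split DNS.
    if name in public:
        findings.append("same name as public zone %r creates split DNS" % name)

    # The longest owned domain that the candidate equals or sits beneath.
    matches = [d for d in owned if name == d or name.endswith("." + d)]
    parent = max(matches, key=len) if matches else None
    if parent is None:
        findings.append("name is not under any registered domain you own")

    if findings:
        return "reject", findings

    if name != parent and parent in public:
        # Subdomain of an owned public domain: the article's preferred option.
        sub = name[: -len(parent) - 1]
        if len(sub) > 8:  # assumed threshold; the article only says "short"
            findings.append("subdomain %r is long; keep FQDNs short" % sub)
        return "preferred", findings

    # A separately registered, otherwise unused domain (or a subdomain of
    # one): acceptable, at the cost of managing two names.
    findings.append("separate registered domain; you now manage two names")
    return "acceptable", findings


if __name__ == "__main__":
    # Constructed sample inputs.
    public = {"company.com"}
    owned = {"company.com", "company.net"}
    for candidate in ("ad.company.com", "company.com", "company.local",
                      "company.net", "ad~company.com"):
        verdict, why = check_ad_domain_name(candidate, public, owned)
        print("%-16s %-10s %s" % (candidate, verdict, "; ".join(why)))
```

Running it with the sample inputs prints one line per candidate; ad.company.com comes out as preferred, company.net as acceptable, and the other three are rejected with the reason attached. Normalisation (trailing dot, case) is applied before any rule, so "AD.Company.COM." is judged the same as "ad.company.com".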


  • Amanda

    “Generic top-level domains like .local, .lan, .corp, etc, are now being sold by ICANN” – Where did this information come from?

    http://data.iana.org/TLD/tlds-alpha-by-domain.txt <- it's not listed

    .local is private only. I'm pretty sure I'm comfortable at this point saying this won't happen. But I could be wrong.

  • Howard

    Where can I register a .local domain name? ICANN does not allow registration through them, and every registrar that I have searched has no ability to register a .local domain. All the technical articles I can find list .local as not being available on the internet. Please post a relevant source, this sure feels like FUD.

  • Eric Kamander (http://eric.kamander.com)

    You’re so right Cindy. I’ve been saying this for years. That’s why I own kamander.com and kamander.net for my personal domains, as well as mmaratings.com and mmaratings.net for my business.


  • Dustin Walker

    When searching Google for domain name best practices this is the first thing that shows up, and I would like to say congrats. I would also like to say that you’ve probably deterred people’s research due to your scare tactic.

    AFRINIC IANA-SERVERS NRO ALAC ICANN RFC-EDITOR APNIC IESG RIPE ARIN
    IETF ROOT-SERVERS ASO INTERNIC RSSAC CCNSO INVALID SSAC EXAMPLE* IRTF
    TEST* GAC ISTF TLD GNSO LACNIC WHOIS GTLD-SERVERS LOCAL WWW IAB
    LOCALHOST IANA NIC

    *Note that in addition to the above strings, ICANN will reserve translations of the terms
    “test” and “example” in multiple languages. The remainder of the strings are reserved
    only in the form included above.

    Listed above are TLDs that will never be allowed to be purchased. You stated “.local”, which is the most commonly used TLD for local domains. Your information has definitely scared a lot of people and made people wrongly do their jobs.